Methods, Apparatuses, Devices and Systems for Backtracking Service Behavior

1. A computer-implemented method for backtracking user operation of services, comprising: receiving an authorization request from a service device, wherein the authorization request is based on a service processing request from a client device, and the authorization request comprises: data corresponding to a user's operation related to a service on the client device, authorization information for accessing the data granted by the user to the service device, a first digital identity of the user, and a second digital identity of the service device; in response to determining that the authorization information satisfies a predetermined condition, generating a claim based on first ciphertext of the data, the authorization information, the first digital identity, and the second digital identity, wherein the claim indicates that the data is accessible by the service device; recording the claim to a blockchain; receiving a permission sharing request comprising identification information of service data corresponding to the service and a third digital identity of a supervising user; and in response to determining that the supervising user has permission to access the claim, granting permission to the supervising user to backtrack the user's operation on the client device corresponding to the service based on the claim in the blockchain, comprising: generating second ciphertext based on the claim and a public key corresponding to the third digital identity, wherein the claim is obtained from the blockchain based on the identification information; associating and saving the second ciphertext and the third digital identity to the blockchain; and sending permission sharing success information to the service device, wherein the permission sharing success information is used by the service device to send query acknowledgment to the supervising user that allows the supervising user to obtain the second ciphertext from the blockchain based on the third digital identity, and perform decryption of the second ciphertext using a private key corresponding to the third digital identity to obtain the data.

2. The computer-implemented method according to claim 1 , wherein the authorization request further comprises: the identification information of service data corresponding to the service, and wherein generating the claim based on the data, the authorization information, the first digital identity, and the second digital identity comprises: generating the first ciphertext of the data based on a predetermined encryption method; and generating the claim based on the identification information, the first ciphertext, the authorization information, the first digital identity, and the second digital identity.

3. The computer-implemented method according to claim 2 , wherein the permission sharing request is sent from the service device and based on a query from the supervising user wherein granting permission to the supervising user to backtrack the user's operation related to the service on the client device to the data based on the claim in the blockchain comprises granting permission to the supervising user to backtrack the user's operation related to the service on the client device to the data based on the permission sharing request.

4. The computer-implemented method according to claim 3 , wherein the permission sharing request further comprises: the third digital identity of the supervising user, and granting permission to the supervising user to backtrack the user's operation on the client device corresponding to the service based on the permission sharing request comprises: obtaining the claim from the blockchain based on the identification information; generating the second ciphertext based on the claim and the public key corresponding to the third digital identity; and sending the second ciphertext to the supervising user, wherein the supervising user performs decryption based on the second ciphertext and the private key corresponding to the third digital identity to obtain the data; and sending permission sharing success information to the service device.

5. The computer-implemented method according to claim 3 , wherein generating the first ciphertext of the data based on the predetermined encryption method comprises: encrypting the data based on the public key corresponding to the second digital identity to obtain the first ciphertext, and wherein generating the second ciphertext based on the claim and the public key corresponding to the third digital identity comprises: decrypting the first ciphertext in the claim based on the private key corresponding to the second digital identity to obtain the data; and encrypting the data based on the public key corresponding to the third digital identity to obtain the second ciphertext.

6. The computer-implemented method according to claim 3 , wherein generating the first ciphertext of the data based on the predetermined encryption method comprises: determining a first key of the service device; and encrypting the data based on the first key to obtain the first ciphertext, and wherein recording the claim to the blockchain comprises: encrypting the first key based on the public key corresponding to the second digital identity to obtain a third ciphertext; and associating and saving the third ciphertext and the claim to the blockchain.

7. The computer-implemented method according to claim 6 , wherein generating the second ciphertext based on the claim and the public key corresponding to the third digital identity comprises: obtaining the third ciphertext from the blockchain; decrypting the third ciphertext based on the private key corresponding to the second digital identity to obtain the first key; and encrypting the first key based on the public key corresponding to the third digital identity to obtain the second ciphertext, wherein associating and saving the second ciphertext and the third digital identity to the blockchain comprises: associating and saving the identification information, the second ciphertext, and the third digital identity to the blockchain, and wherein sending the second ciphertext to the supervising user comprises: sending the first ciphertext and the second ciphertext to the supervising user.

8. The computer-implemented method according to claim 2 , further comprising, after recording the claim to the blockchain: generating permission sharing record based on the identification information and the third digital identity, and saving the permission sharing record to the blockchain; receiving a query from the supervising user, wherein the query comprises the third digital identity and the identification information; in response to determining that the permission sharing record is identified from the blockchain based on the third digital identity and the identification information in the query, obtaining the claim from the blockchain based on the identification information; and decrypting the first ciphertext in the claim to obtain the data, and sending the data to the supervising user.

9. The computer-implemented method according to claim 1 , further comprising: receiving a message subscription request from the supervising user; processing message subscription based on the message subscription request, and sending message subscription success information to the supervising user; and in response to determining that the claim is successfully saved to the blockchain, sending push information to the supervising user, granting permission to the supervising user to access the claim, and allowing the supervising user to backtrack the user's operation related to the service on the client device based on the claim in the blockchain.

10. The computer-implemented method according to claim 1 , wherein the authorization request comprises a hash value of the data and a storage address of the data, wherein generating the claim based on the data, the authorization information, the first digital identity, and the second digital identity comprises: generating the claim based on the hash value, the storage address, the authorization information, the first digital identity, and the second digital identity.

11. The computer-implemented method according to claim 1 , wherein determining that the authorization information satisfies the predetermined condition comprises: obtaining verification information to be verified of the user; and determining that the authorization information satisfies the predetermined condition if the verification information passes verification.

12. The computer-implemented method according to claim 1 , wherein the authorization request further comprises first signature data, the first signature data obtained by signing specified data with a private key corresponding to the first digital identity, and wherein determining that the authorization information satisfies the predetermined condition comprises: obtaining a public key corresponding to the first digital identity; and verifying the first signature data based on the public key, and determining that the authorization information satisfies the predetermined condition if the verification succeeds.

13. The computer-implemented method according to claim 1 , further comprising, before receiving the authorization request from the service device: receiving an application request for digital identity information from the service device, wherein the application request comprises user information of the user; generating the first digital identity based on the application request; associating and saving the first digital identity and the user information; and sending the first digital identity to the service device, such that the service device sends the first digital identity to the client device.

14. The computer-implemented method according to claim 1 , wherein the data comprises one or more of video data, image data, and text data.

15. A computer-implemented system for backtracking user operation of services, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform operations comprising: receiving an authorization request from a service device, wherein the authorization request is based on a service processing request from a client device, and the authorization request comprises: data corresponding to a user's operation related to a service on the client device, authorization information for accessing the data granted by the user to the service device, a first digital identity of the user, and a second digital identity of the service device; in response to determining that the authorization information satisfies a predetermined condition, generating a claim based on first ciphertext of the data, the authorization information, the first digital identity, and the second digital identity, wherein the claim indicates that the data is accessible by the service device; recording the claim to a blockchain; receiving a permission sharing request comprising identification information of service data corresponding to the service and a third digital identity of a supervising user; and in response to determining that the supervising user has permission to access the claim, granting permission to the supervising user to backtrack the user's operation on the client device corresponding to the service based on the claim in the blockchain, comprising: generating second ciphertext based on the claim and a public key corresponding to the third digital identity, wherein the claim is obtained from the blockchain based on the identification information; associating and saving the second ciphertext and the third digital identity to the blockchain; and sending permission sharing success information to the service device, wherein the permission sharing success information is used by the service device to send query acknowledgment to the supervising user that allows the supervising user to obtain the second ciphertext from the blockchain based on the third digital identity, and perform decryption of the second ciphertext using a private key corresponding to the third digital identity to obtain the data.

16. The computer-implemented system according to claim 15 , wherein the authorization request further comprises: the identification information of service data corresponding to the service, and wherein generating the claim based on the data, the authorization information, the first digital identity, and the second digital identity comprises: generating the first ciphertext of the data based on a predetermined encryption method; and generating the claim based on the identification information, the first ciphertext, the authorization information, the first digital identity, and the second digital identity.

17. The computer-implemented system according to claim 16 , wherein the permission sharing request is sent from the service device and based on a query from the supervising user wherein granting permission to the supervising user to backtrack the user's operation related to the service on the client device to the data based on the claim in the blockchain comprises granting permission to the supervising user to backtrack the user's operation related to the service on the client device to the data based on the permission sharing request.

18. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations for backtracking user operation of services, comprising: receiving an authorization request from a service device, wherein the authorization request is based on a service processing request from a client device, and the authorization request comprises: data corresponding to a user's operation related to a service on the client device, authorization information for accessing the data granted by the user to the service device, a first digital identity of the user, and a second digital identity of the service device; in response to determining that the authorization information satisfies a predetermined condition, generating a claim based on first ciphertext of the data, the authorization information, the first digital identity, and the second digital identity, wherein the claim indicates that the data is accessible by the service device; recording the claim to a blockchain; receiving a permission sharing request comprising identification information of service data corresponding to the service and a third digital identity of a supervising user; and in response to determining that the supervising user has permission to access the claim, granting permission to the supervising user to backtrack the user's operation on the client device corresponding to the service based on the claim in the blockchain, comprising: generating second ciphertext based on the claim and a public key corresponding to the third digital identity, wherein the claim is obtained from the blockchain based on the identification information; associating and saving the second ciphertext and the third digital identity to the blockchain; and sending permission sharing success information to the service device, wherein the permission sharing success information is used by the service device to send query acknowledgment to the supervising user that allows the supervising user to obtain the second ciphertext from the blockchain based on the third digital identity, and perform decryption of the second ciphertext using a private key corresponding to the third digital identity to obtain the data.